VYPR
High severityOSV Advisory· Published Dec 12, 2025· Updated Dec 12, 2025

CVE-2025-67819

CVE-2025-67819

Description

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files accessible to the service process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/weaviate/weaviateGo
>= 1.30.0, < 1.30.201.30.20
github.com/weaviate/weaviateGo
>= 1.31.0-rc.0, < 1.31.191.31.19
github.com/weaviate/weaviateGo
>= 1.32.0-rc.0, < 1.32.161.32.16
github.com/weaviate/weaviateGo
>= 1.33.0-rc.0, < 1.33.41.33.4

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.